CVE-2006-6268 Information
Description
SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a URL-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).
Reference
http://securityreason.com/securityalert/1954
http://www.nukedx.com/?viewdoc=51
http://www.securityfocus.com/archive/1/452259/100/100/threaded
http://www.securityfocus.com/bid/21227